Is it possible to push our Windows Certification Authority root certificate to devices via policy or another bulk method? While testing I've manually emailed myself the certs and trusted them, but ideally we'd like to make this seamless for users and support staff.